Communications

Senators Demand FCC Answer For Fake Comments After Realizing Their Identities Were Stolen (gizmodo.com) 185

Two US senators -- one Republican, one Democrat who both had their identities stolen and then used to post fake public comments on net neutrality -- are calling on FCC Chairman Ajit Pai to address how as many as two million fake comments were filed under stolen names. From a report: Senators Jeff Merkley, Democrat of Oregon, and Pat Toomey, Republican of Pennsylvania, are among the estimated "two million Americans" whose identities were used to file comments to the FCC without their consent. "The federal rulemaking process is an essential part of our democracy and allows Americans the opportunity to express their opinions on how government agencies decide important regulatory issues," the pair of lawmakers wrote [PDF].

"As such, we are concerned about the aforementioned fraudulent activity. We need to prevent the deliberate misuse of Americans' personal information and ensure that the FCC is working to protect against current and future vulnerabilities in its system. We encourage the FCC to determine who facilitated these fake comments," the letter continues. "While we understand and agree with the need to protect individuals' privacy, we request that the FCC share with the public the total number of fake comments that were filed."

Canada

People Hate Canada's New 'Amber Alert' System (www.cbc.ca) 324

The CBC reports: When the siren-like sounds from an Amber Alert rang out on cellular phones across Ontario on Monday, it sparked a bit of a backlash against Canada's new mobile emergency alert system. The Ontario Provincial Police had issued the alert for a missing eight-year-old boy in the Thunder Bay region. (The boy has since been found safe)... On social media, people startled by the alerts complained about the number of alerts they received and that they had received separate alerts in English and French... Meanwhile, others who were located far from the incident felt that receiving the alert was pointless. "I've received two Amber Alerts today for Thunder Bay, which is 15 hours away from Toronto by car," tweeted Molly Sauter. "Congrats, you have trained me to ignore Emergency Alerts...."

The CRTC ordered wireless providers to implement the system to distribute warnings of imminent safety threats such as tornadoes, floods, Amber Alerts or terrorist threats. Telecom companies had favoured an opt-out option or the ability to disable the alarm for some types of alerts. But this was rejected by the broadcasting and telecommunications regulator. Individuals concerned about receiving these alerts are left with a couple of options: they can turn off their phone -- it will not be forced on by the alert -- or mute their phone so they won't hear it.

Long-time Slashdot reader knorthern knight complains that the first two alerts -- one in English, followed by one in French -- were then followed by a third (bilingual) alert advising recipients to ignore the previous two alerts, since the missing child had been found.

Crime

Alleged Owners of Mugshots.com Have Been Arrested For Extortion (lawandcrime.com) 101

Reader schwit1 writes: The alleged owners of Mugshots.com have been charged and arrested. These four men -- Sahar Sarid, Kishore Vidya Bhavnanie, Thomas Keesee, and David Usdan -- only removed a person's mugshot from the site if this individual paid a "de-publishing" fee, according to the California Attorney General on Wednesday. That's apparently considered extortion. On top of that, they also face charges of money laundering and identity theft.

If you read a lot of articles about crime, then you're probably already familiar with the site (which is still up as of Friday afternoon). They take mugshots, slap the url multiple times on the image, and post it on the site alongside an excerpt from a news outlet that covered the person's arrest. According to the AG's office, the owners would only remove the mugshots if the person paid a fee, even if the charges were dismissed. This happened even if the suspect was only arrested because of "mistaken identity or law enforcement error." You can read the affidavit here.

United States

Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US (vice.com) 68

Securus, the company which tracks nearly any phone across the US for cops with minimal oversight, has been hacked, Motherboard reported Wednesday. From the report: The hacker has provided some of the stolen data to Motherboard, including usernames and poorly secured passwords for thousands of Securus' law enforcement customers. Although it's not clear how many of these customers are using Securus's phone geolocation service, the news still signals the incredibly lax security of a company that is granting law enforcement exceptional power to surveil individuals. "Location aggregators are -- from the point of view of adversarial intelligence agencies -- one of the juiciest hacking targets imaginable," Thomas Rid, a professor of strategic studies at Johns Hopkins University, told Motherboard in an online chat.

United States

US Congressmen Reveal Thousands of Facebook Ads Bought By Russian Trolls (mercurynews.com) 309

An anonymous reader writes: Democrats on the House Intelligence Committee on Thursday released about 3,400 Facebook ads purchased by Russian agents around the 2016 presidential election on issues from immigration to gun control, a reminder of the complexity of the manipulation that Facebook is trying to contain ahead of the midterm elections. The ads, which span from mid-2015 to mid-2017, illustrate the extent to which Kremlin-aligned forces sought to stoke social, cultural and political unrest on one of the Web's most powerful platforms. With the help of Facebook's targeting tools, Russia's online army reached at least 146 million people on Facebook and Instagram, its photo-sharing service, with ads and other posts, including events promoting protests around the country...

Rep. Adam Schiff of California, the top Democrat on the House Intelligence Committee, said lawmakers would continue probing Russia's online disinformation efforts. In February, Robert S. Mueller III, the special counsel investigating Russia and the 2016 election, indicted individuals tied to the IRA for trying to interfere in the presidential race. "They sought to harness Americans' very real frustrations and anger over sensitive political matters in order to influence American thinking, voting and behavior," Schiff said in a statement. "The only way we can begin to inoculate ourselves against a future attack is to see first-hand the types of messages, themes and imagery the Russians used to divide us...."

The documents released Thursday also reflect that Russian agents continued advertising on Facebook well after the presidential election... They marketed a page called Born Liberal to likely supporters of Sen. Bernie Sanders, I-Vt., the data show, an ad that had more than 49,000 impressions into 2017. Together, the ads affirmed the fears of some lawmakers, including Republicans, that Russian agents have continued to try to influence U.S. politics even after the 2016 election. Russian agents also had created thousands of accounts on Twitter, and in January, the company revealed that it discovered more than 50,000 automated accounts, or bots, with links to Russia.

Businesses

Apple Scraps $1 Billion Irish Data Center Over Planning Delays (reuters.com) 197

Apple ditched plans to build an 850 million euro ($1 billion) data center in Ireland because of delays in the approval process that have stalled the project for more than three years, the iPhone maker said on Thursday. From a report: Apple announced plans in February 2015 to build the facility in the rural western town of Athenry to take advantage of green energy sources nearby, but a series of planning appeals, chiefly from two individuals, delayed its approval. Ireland's High Court ruled in October that the data center could proceed, dismissing the appellants who then took their case to the country's Supreme Court.

Security

Equifax's Data Breach By the Numbers: 146 Million Social Security Numbers, 99 Million Addresses, and More (theregister.co.uk) 69

Several months after the data breach was first reported, Equifax has published the details on the personal records and sensitive information stolen in the cybersecurity incident. "The good news: the number of individuals affected by the network intrusion hasn't increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant's ongoing audit of the security breach," reports The Register. From the report: Late last week, the company gave the numbers in letters to the various U.S. congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America's financial watchdog. As well as the -- take a breath -- 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers' licenses and 3,200 passport details lifted, too.

The further details emerged after Mandiant's investigators helped "standardize certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen." The extra data elements, the company said, didn't involve any individuals not already known to be part of the super-hack, so no additional consumer notifications are required.

Google

Google To Launch a New Set of Android Controls To Help You Manage Phone Use, Report Says (washingtonpost.com) 11

Google plans to wade into the debate over whether technology -- and the time spent on devices -- is harmful to people's health, The Washington Post reports. From the report: At its annual developer conference, scheduled to kick off in its hometown of Mountain View, Calif., on Tuesday, Google is set to announce a new set of new controls to its Android operating system, oriented around helping individuals and families manage the time they spend on mobile devices [Editor's note: the link may be paywalled; alternative source], according to a person familiar with the company's thinking.

In his keynote address on Tuesday, chief executive Sundar Pichai is expected to emphasize the theme of responsibility, the person said. Last year's keynote was more focused on developments in artificial intelligence. The anticipated shift in tone at the event reflects increased public skepticism and scrutiny of the technology industry as it reckons with the negative consequences of how its products are used by billions of people.

Advertising

Placing Election Ads On Google Will Require a Government ID (gizmodo.com) 227

Google announced new policies Friday that will require advertisers to prove they are a U.S. citizen or permanent resident when buying election ads. "Under the new guidelines, Google will ask advertisers -- be they individuals, organizations, or political action committees -- to prove they are who they claim to be," reports Gizmodo. "It will also require the ads to include a clear disclosure of who is paying for it." From the report: The change comes after Google and other social media companies revealed their advertising platforms were abused by foreign actors, including the Russian government-backed troll farm Internet Research Agency, during the 2016 U.S. presidential election. It also places Google's policies in line with U.S. laws for traditional media that restrict foreign entities from running election ads. Where Google's effort falls short, at least in its current iteration, is the new policies only cover ads featuring candidates running for office. So-called "issue ads" that advocate a certain point of view on hot-button topics are not covered in Google's policies.

Privacy

Are We Living in a World Where You Can't Opt Out of Data Sharing? (fivethirtyeight.com) 126

Long-time Slashdot reader Mr_Blank quotes the senior science writer at FiveThirtyEight on a new type of privacy violation: It's what happens when one person's voluntary disclosure of personal information exposes the personal information of others who had no say in the matter. Your choices didn't cause the breach. Your choices can't prevent it, either. Welcome to a world where you can't opt out of sharing, even if you didn't opt in... We all saw this in action in the recent Cambridge Analytica scandal. The "privacy of the commons" is how the 270,000 Facebook users who actually downloaded the "thisisyourdigitallife" app turned into as many as 87 million users whose data ended up in the hands of a political marketing firm.

Much of the narrative surrounding that scandal has focused on what individuals should be doing to protect themselves. But that idea that privacy is all about your individual decisions is part of the problem, said Julie Cohen, a technology and law professor at Georgetown University. "There's a lot of burden being put on individuals to have an understanding and mastery of something that's so complex that it would be impossible for them to do what they need to do," she said...

[E]xperts say these examples show that we need to think about online privacy less as a personal issue and more as a systemic one. Our digital commons is set up to encourage companies and governments to violate your privacy. If you live in a swamp and an alligator attacks you, do you blame yourself for being a slow swimmer? Or do you blame the swamp for forcing you to hang out with alligators? There isn't yet a clear answer for what the U.S. should do. Almost all of our privacy law and policy is framed around the idea of privacy as a personal choice, Cohen said. The result: very little regulation addressing what data can be collected, how it should be protected, or what can be done with it.

Facebook

Tens of Thousands of Malicious Apps Use Facebook's APIs (threatpost.com) 28

Slashdot reader lod123 quotes ThreatPost: At least 25,936 malicious apps are currently using one of Facebook's APIs, such as a login API or messaging API. These allow apps to access a range of information from Facebook profiles, like name, location and email address. Trustlook discovered the malicious apps using a formula, which created a risk score for apps based on more than 80 pieces of information for each app, including permissions, libraries, risky API calls and network activity... A malicious app (with a risk score above 7) "might be doing things such as capturing pictures and audio when the app is closed, or making an unusually large amount of network calls," a spokesperson told Threatpost...

To be fair, Facebook is not the only company with its APIs embedded in malicious applications... "The problem, for the most part, is that this is data that is provided when their login is used elsewhere. The API is simply passing through intelligence it has gathered from their profile," said Chris Roberts, chief security architect at Acalvio, via email. "LinkedIn, Google and Twitter, among others, have similarly flawed APIs that can be used to harvest information both about you (the target) and possibly associated individuals...depending upon queries and other developer privileges that are being exploited."

A Trustlook spokesperson summarized their position after the report. "Just as Coke does not want its ads running on certain websites, Facebook should not want malicious app developers using its APIs."

Software

North Korean Antivirus Software Uses Decade Old Pirated Scan Engine (betanews.com) 68

With a name like 'SiliVaccine' you could be forgiven for thinking it's something your doctor would give you if you were worried about turning into a clown. But in fact this is North Korea's home grown antivirus product. From a report: Check Point Software has obtained and analyzed a rare copy of the software and discovered key components of its source code to be identical to a 10-year-old copy of Trend Micro's AV software. Analysis has also uncovered that SiliVaccine is designed to allow a specific malware signature to pass undetected to users, and an update patch for the software contained JAKU malware, which has been used to target and track specific individuals in South Korea and Japan. Check Point believes this could have been used to target journalists who write about North Korean affairs.

Youtube

YouTube Is Removing Some Nootropics Channels (vice.com) 243

According to Wikipedia, nootropics are drugs, supplements, and other substances that improve cognitive function, particularly executive functions, memory, creativity, or motivation, in healthy individuals. Many of them are not regulated by the Food and Drug Administration, and some have reported addiction and harm, as well as uncomfortable side effects. These concerns may be behind YouTube's recent decision to delete at least three nootropics channels over the past three days. Motherboard reports: The nootropics YouTubers don't know why YouTube penalized them. YouTube's community guidelines prohibit harmful or dangerous content, including "hard drug use," which seems like the most likely reason. [Ryan Michael Ballow, a YouTuber whose channel "Cortex Labs Nootropics" was deleted] believes it's either "pharmaceutical industry influence" or some other elements within YouTube's leadership decided to target nootropics specifically. "It's all extremely fishy, and demonstrates a continued censorship trend with YouTube," he said in an email. [Jonathan Roseland, another YouTuber who recently had their channel "Limitless Mindset" deleted] guessed his channel got flagged because he made videos about kratom, an opioid-like substance that has been linked to deaths and is coming under increased government regulation. Other kratom videos have apparently been removed. But Ballow said he's never posted a video about kratom, and a search for "kratom" on YouTube pulls up countless results, including reviews. Similarly, searching for nootropics, magnesium, aniracetam, oxiracetam, and Modafinil showed no shortage of videos, including reviews.

It's hard to know why the channels were removed since YouTube declined to clarify specifics with the creators and did not respond to a request for comment. YouTube allows creators to appeal enforcement decisions, but Ballow's appeal was rejected. The rejection notice did not clearly state which guidelines were violated, but it pointed to another potential violation. YouTube "included a paragraph that states that if the sole purpose of your YouTube videos is to drive people off of the platform, said videos break the rules," Ballow said. He interpreted this to mean the fact that his videos directed viewers to other websites to buy products.

Medicine

In First, Doctors Treat Rare Genetic Disorder With an Injection In Utero (arstechnica.com) 52

An anonymous reader quotes a report from Ars Technica: Three babies with a rare genetic disorder have been spared the worst effects of their condition thanks to an experimental injection they received in utero, researchers report this week in The New England Journal of Medicine. The success marks the first time a genetic disorder has been partially reversed by such a treatment prior to birth. The in utero injections treated a rare, recessive genetic condition called X-linked hypohidrotic ectodermal dysplasia (XLHED), which affects the development of skin, hair, nails, and teeth. People with the disorder have sparse body and head hair, dry eyes, mouths, and airways, and few teeth, which are usually pointy. But most dangerously, the condition also disrupts development of sweat glands throughout the body. People with XLHED have fewer sweat glands and/or poorly functioning ones. This leaves individuals vulnerable to high fevers and over-heating (hyperthermia), which can be life-threatening and lead to medical complications.

For the new experimental treatment, the researchers realized that it all came down to timing. Humans develop sweat glands much earlier in their development, generally between the 20th and 30th week of pregnancy. To prevent XLHED from wreaking havoc, the researchers needed to deliver the protein prior to birth. After testing the idea for safety and efficacy in mice and monkeys, doctors in Germany got a compassionate-use approval to try it in a 38-year-old pregnant woman. She had a family history of XLHED, a young son with the condition, and was found to be carrying twin boys with it, too. [...] The researchers will track the babies' development to see if the effects are permanent, but data from animals suggests that they will be.

Facebook

Fake Mark Zuckerbergs Scam Facebook Users Out of Their Cash (nytimes.com) 59

Hundreds of Facebook and Instagram accounts have been parading as Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg, tricking vulnerable individuals into sending large amounts of money in order to collect bogus lottery winnings, the New York Times reports [Editor's note: the link may be paywalled]. From a report: An examination by The New York Times found 205 accounts impersonating Mr. Zuckerberg and Ms. Sandberg on Facebook and its photo-sharing site Instagram, not including fan pages or satire accounts, which are permitted under the company's rules. At least 51 of the impostor accounts, including 43 on Instagram, were lottery scams like the one that fooled Mr. Bernhardt.

The fake Zuckerbergs and faux Sandbergs have proliferated on Facebook and Instagram, despite the presence of Facebook groups that track the scams and complaints about the trick dating to at least 2010. A day after The Times informed Facebook of its findings, the company removed all 96 impostor Mark Zuckerberg and Sheryl Sandberg accounts on its Facebook site. It had left up all but one of the 109 fakes on Instagram, but removed them after this article was published.

The Internet

Pornhub Hasn't Been Actively Enforcing Its Deepfake Ban (engadget.com) 97

Pornhub said in February that it was banning AI-generated deepfake videos, but BuzzFeed News found that it's not doing a very good job at enforcing that policy. The media company found more than 70 deepfake videos -- depicting graphic fake sex scenes with Emma Watson, Scarlett Johansson, and other celebrities -- were easily searchable from the site's homepage using the search term "deepfake." From the report: Shortly after the ban in February, Mashable reported that there were dozens of deepfake videos still on the site. Pornhub removed those videos after the report, but a few months later, BuzzFeed News easily found more than 70 deepfake videos using the search term "deepfake" on the site's homepage. Nearly all the videos -- which included graphic and fake depictions of celebrities like Katy Perry, Scarlett Johansson, Daisy Ridley, and Jennifer Lawrence -- had the word "deepfake" prominently mentioned in the title of the video and many of the names of the videos' uploaders contained the word "deepfake." Similarly, a search for "fake deep" returned over 30 of the nonconsensual celebrity videos. Most of the videos surfaced by BuzzFeed News had view counts in the hundreds of thousands -- one video featuring the face of actor Emma Watson garnered over 1 million views. Some accounts posting deepfake videos appeared to have been active for as long as two months and have racked up over 3 million video views. "Content that is flagged on Pornhub that directly violates our Terms of Service is removed as soon as we are made aware of it; this includes non-consensual content," Pornhub said in a statement. "To further ensure the safety of all our fans, we officially took a hard stance against revenge porn, which we believe is a form of sexual assault, and introduced a submission form for the easy removal of non-consensual content." The company also provided a link where users can report any "material that is distributed without the consent of the individuals involved."

Medicine

'Is Curing Patients a Sustainable Business Model?' Goldman Sachs Analysts Ask (arstechnica.com) 368

In an April 10 report for biotech clients, Goldman Sachs analysts noted that one-shot cures for diseases are not great for business as they're bad for long-term profits. The investment bank's report, titled "The Genome Revolution," asks clients: "Is curing patients a sustainable business model?" The answer may be "no," according to follow-up information provided. Slashdot reader tomhath shares the report from Ars Technica: Analyst Salveen Richter and colleagues laid it out: "The potential to deliver 'one shot cures' is one of the most attractive aspects of gene therapy, genetically engineered cell therapy, and gene editing. However, such treatments offer a very different outlook with regard to recurring revenue versus chronic therapies... While this proposition carries tremendous value for patients and society, it could represent a challenge for genome medicine developers looking for sustained cash flow."

For a real-world example, they pointed to Gilead Sciences, which markets treatments for hepatitis C that have cure rates exceeding 90 percent. In 2015, the company's hepatitis C treatment sales peaked at $12.5 billion. But as more people were cured and there were fewer infected individuals to spread the disease, sales began to languish. Goldman Sachs analysts estimate that the treatments will bring in less than $4 billion this year. "[Gilead]'s rapid rise and fall of its hepatitis C franchise highlights one of the dynamics of an effective drug that permanently cures a disease, resulting in a gradual exhaustion of the prevalent pool of patients," the analysts wrote. The report noted that diseases such as common cancers -- where the "incident pool remains stable" -- are less risky for business.

Bitcoin

Japan Could Have More Than 3 Million Cryptocurrency Traders (coindesk.com) 35

According to Japan's Financial Services Agency (FSA), the country has at least 3.5 million individuals that are trading with cryptocurrencies as actual assets. "Among them, crypto investors in their 20s, 30s and 40s make up a major share, accounting for 28, 34, and 22 percent, respectively, of the total crypto trader population in Japan," reports CoinDesk. From the report: Announced at the first meeting of a cryptocurrency exchange study group established by the FSA in early March, the data release marks the latest effort by the financial watchdog in bringing greater transparency to the industry following a recent hack of one of the domestic exchanges, Coincheck. According to the FSA, the study and disclosure of the domestic trading statistics is a first step towards a more comprehensive examination over institutional issues in the cryptocurrency trading space in Japan. In comparison, the financial regulator also disclosed in the latest report that the number of traders investing in cryptocurrency margins and futures is about 142,842 as of the end of March. What's perhaps notable is the major contrast in the growth of yearly trading volume drawn to these two different types of investments. According to the FSA's data, for example, yearly trading volume of the actual bitcoin cryptocurrency has grown from $22 million as of Mar. 31 in 2014 to $97 billion in 2017. Yet at the same time, trading on margins, credit and futures of bitcoin as an underlying asset has surged from only $2 million in 2014 to a whopping $543 billion just in 2017 alone, the agency said.

Security

Don't Give Away Historic Details About Yourself (krebsonsecurity.com) 158

Brian Krebs: Social media sites are littered with seemingly innocuous little quizzes, games and surveys urging people to reminisce about specific topics, such as "What was your first job," or "What was your first car?" The problem with participating in these informal surveys is that in doing so you may be inadvertently giving away the answers to "secret questions" that can be used to unlock access to a host of your online identities and accounts. I'm willing to bet that a good percentage of regular readers here would never respond -- honestly or otherwise -- to such questionnaires (except perhaps to chide others for responding). But I thought it was worth mentioning because certain social networks -- particularly Facebook -- seem positively overrun with these data-harvesting schemes. What's more, I'm constantly asking friends and family members to stop participating in these quizzes and to stop urging their contacts to do the same.

On the surface, these simple questions may be little more than an attempt at online engagement by otherwise well-meaning companies and individuals. Nevertheless, your answers to these questions may live in perpetuity online, giving identity thieves and scammers ample ammunition to start gaining backdoor access to your various online accounts.

Google

Google Seeks To Limit 'Right To Be Forgotten' By Claiming It's Journalistic (cjr.org) 203

"In the first 'right to be forgotten' case to reach England's High Court, two men are fighting to keep their past crimes out of Google's search results, and the tech giant is fighting back by claiming it's 'journalistic.'" Chava Gourarie reports via Columbia Journalism Review: The case, which is actually two nearly identical cases, involves two businessmen who were both convicted of white-collar crimes in the '90s, and requested that Google delist several URLs referencing their convictions, including news articles. When Google denied their requests, they sued under a 2014 European Union ruling which established the right of individuals to have information delisted from search indexes under certain conditions. In its defense, Google has argued that it should be protected under an exception for journalism because it provides access to journalistic content. Even as a legal sleight of hand, the argument is quite a departure from Google's customary efforts to present itself as a disinterested arbiter of information, a position that has become more untenable with time.

Gareth Corfield, a reporter for The Register who covered the cases from the courtroom, said it's disingenuous of Google to put on the mantle of journalism only when it suits them. "They've gone through great lengths to say they don't make any editorial judgement in processing results," Corfield said, but "it now wants you to believe it is on a par with journalism." As the first case to test the "right to be forgotten" in England's High Court, its outcome will likely set some ground rules in the roiling debate between personal privacy and freedom of expression on the internet. Google's sudden identification with journalism may be a legal gambit, but it could have far-reaching effects across the landscape of data protection laws.
